| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
7001 |
CVE-2016-10956 |
20 |
|
File Inclusion |
2019-09-16 |
2019-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. |
|
7002 |
CVE-2016-10937 |
295 |
|
|
2019-09-08 |
2019-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. |
|
7003 |
CVE-2016-10932 |
254 |
|
|
2019-08-26 |
2019-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. |
|
7004 |
CVE-2016-10929 |
264 |
|
|
2019-08-22 |
2019-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in. |
|
7005 |
CVE-2016-10928 |
798 |
|
|
2019-08-22 |
2019-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@[email protected]@@ password for just-in-time provisioned users. |
|
7006 |
CVE-2016-10924 |
22 |
|
Dir. Trav. |
2019-08-22 |
2019-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ebook-download plugin before 1.2 for WordPress has directory traversal. |
|
7007 |
CVE-2016-10899 |
20 |
|
|
2019-08-21 |
2019-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. |
|
7008 |
CVE-2016-10883 |
352 |
|
CSRF |
2019-08-14 |
2019-08-20 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users. |
|
7009 |
CVE-2016-10860 |
284 |
|
|
2019-08-01 |
2019-08-12 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). |
|
7010 |
CVE-2016-10859 |
285 |
|
|
2019-08-01 |
2019-08-08 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). |
|
7011 |
CVE-2016-10847 |
74 |
|
|
2019-08-01 |
2019-08-08 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). |
|
7012 |
CVE-2016-10843 |
77 |
|
Exec Code |
2019-08-01 |
2019-08-08 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). |
|
7013 |
CVE-2016-10839 |
89 |
|
Sql |
2019-08-01 |
2019-08-13 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). |
|
7014 |
CVE-2016-10833 |
287 |
|
|
2019-08-01 |
2019-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). |
|
7015 |
CVE-2016-10830 |
284 |
|
Bypass |
2019-08-01 |
2019-08-12 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). |
|
7016 |
CVE-2016-10825 |
358 |
|
Bypass |
2019-08-01 |
2019-08-12 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). |
|
7017 |
CVE-2016-10803 |
93 |
|
|
2019-08-07 |
2019-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). |
|
7018 |
CVE-2016-10791 |
255 |
|
|
2019-08-06 |
2019-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). |
|
7019 |
CVE-2016-10790 |
200 |
|
+Info |
2019-08-06 |
2019-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). |
|
7020 |
CVE-2016-10787 |
20 |
|
|
2019-08-06 |
2019-08-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). |
|
7021 |
CVE-2016-10771 |
20 |
|
|
2019-08-05 |
2019-08-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). |
|
7022 |
CVE-2016-10770 |
20 |
|
|
2019-08-05 |
2019-08-09 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). |
|
7023 |
CVE-2016-10769 |
601 |
|
|
2019-08-05 |
2019-08-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). |
|
7024 |
CVE-2016-10768 |
20 |
|
|
2019-08-05 |
2019-08-08 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). |
|
7025 |
CVE-2016-10765 |
20 |
|
|
2019-07-29 |
2019-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. |
|
7026 |
CVE-2016-10762 |
77 |
|
|
2019-07-18 |
2019-07-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. |
|
7027 |
CVE-2016-10746 |
254 |
|
|
2019-04-18 |
2019-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. |
|
7028 |
CVE-2016-10745 |
134 |
|
|
2019-04-08 |
2019-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. |
|
7029 |
CVE-2016-10743 |
332 |
|
|
2019-03-23 |
2019-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. |
|
7030 |
CVE-2016-10728 |
20 |
|
|
2018-07-23 |
2018-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection. |
|
7031 |
CVE-2016-10727 |
200 |
|
+Info |
2018-07-20 |
2018-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. |
|
7032 |
CVE-2016-10726 |
22 |
|
Dir. Trav. |
2018-07-10 |
2018-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. |
|
7033 |
CVE-2016-10725 |
310 |
|
|
2018-07-05 |
2019-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. |
|
7034 |
CVE-2016-10718 |
20 |
|
DoS |
2018-04-03 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. |
|
7035 |
CVE-2016-10712 |
20 |
|
|
2018-02-09 |
2019-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. |
|
7036 |
CVE-2016-10708 |
476 |
|
DoS |
2018-01-21 |
2019-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. |
|
7037 |
CVE-2016-10707 |
400 |
|
DoS |
2018-01-18 |
2018-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit. |
|
7038 |
CVE-2016-10702 |
200 |
|
+Info |
2017-11-28 |
2017-12-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. |
|
7039 |
CVE-2016-10561 |
22 |
|
Dir. Trav. |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. |
|
7040 |
CVE-2016-10556 |
89 |
|
Sql |
2018-05-29 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table. |
|
7041 |
CVE-2016-10552 |
254 |
|
|
2018-05-31 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. |
|
7042 |
CVE-2016-10543 |
20 |
|
Bypass |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. |
|
7043 |
CVE-2016-10542 |
20 |
|
|
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. |
|
7044 |
CVE-2016-10540 |
20 |
|
|
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. |
|
7045 |
CVE-2016-10539 |
20 |
|
DoS |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. |
|
7046 |
CVE-2016-10527 |
399 |
|
|
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions. |
|
7047 |
CVE-2016-10526 |
255 |
|
|
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. |
|
7048 |
CVE-2016-10523 |
119 |
|
Overflow |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. |
|
7049 |
CVE-2016-10521 |
20 |
|
DoS |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. |
|
7050 |
CVE-2016-10520 |
20 |
|
DoS |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. |
